View All Jobs/Careers

Cyber Security Analyst

Description

Cyber Security Analyst

Job Description

A Southern Company Security Analyst participates in monitoring, hunting and responding to cyber security events. He or She, provides a front-line role during cyber security incidents, identifying the extent of the threat, business impacts and advising or sometimes performing the most suitable course of action to contain, eradicate and remediate an incident. A Southern Company Security Analyst maintains a good knowledge of the threat landscape, helps enhance visibility and response capabilities by identifying new methods of detecting threats. A Southern Company Security Analyst is proactive and seeks out adversaries determined to negatively impact Southern Companies reputation, financial interest or threatens the safety of our employees and customers.

Candidates are expected to discuss and demonstrate that they meet required qualifications for applicable role.

Responsibilities

• Take action on security events presented to Analyst via SIEM, user submissions, dashboards, etc.

• Self-initiate hunting initiatives to discover potential breaches or undiscovered cyber threats

• Remain abreast of emerging threat patterns and provide recommendations to detect threats

• Assists with patching recommendations and workarounds for zero-day threats.

• Coordinate mitigation or remediations task with stakeholders or supporting teams

• Communicates with management on incident updates.

• Monitors SIEM and analyzes security events to determine appropriate actions

• Monitors emails containing links/attachments associated with potential phishing attempts to determine appropriate actions

• Identify and tune false positives associated with current security events

• Document analytical steps and findings associated with security event investigations

OR (for Senior Analyst all the above including)

• Escalation resource for other Cyber Security Analyst

• Represents Security Operations Center at internal/external meetings

• Develop use cases to increase visibility across Southern Company threat landscape

• Draft processes and procedures associated with daily operations

Qualifications Required for Cyber Security Analyst

• 2 years IT security experience

• Minimum 2 years of experience in performing analysis on Windows and LINUX/UNIX systems

• Minimum 2 years of experience and/or familiarity in the following areas:

• Network/Endpoint: analysis tools

• Scripting languages

• Windows/Unix command line utilities

• Reputation analysis associated with IP’s, Domains, Email Addresses

• Ticketing Systems

• Required to submit to a background examination.

• Experience operating within a security application such as Kali, Metasploit, and etc.

OR (for Senior Analyst consideration) all the above qualifications including:

• 2 years Security Operations Center experience

• Exposure investigating security events associated with cloud applications

• Developed and tuned use cases for alerting in a SIEM

• Experience drafting Security Analyst procedures

• Experience working with an Incident Response team during a Cyber Security event/incident

• Familiar with and have worked within Cyber Security Frameworks such as:

• NIST 800 – 61

• Attack Life Cycle

• SANS Security Controls

• MITRE

• SANS Security 500 Series or other industry standard equivalent

• Experience with PCAP analysis

• Experience investigating endpoint and network security events

• Experience investigating user reported Phishing events (specifically investigating suspicious links and attachments)

• Experience analyzing security events utilizing sandbox technology

• Experience operating within a security application such as Kali, Metasploit, and etc.

• Oral and written communication skills

• Experience taking ownership of incidents from acknowledgement to resolution

• Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies

• Experience initiating security event investigations

Preferred capabilities :

• Oral and written communication skills

• Ability to take ownership of incidents from acknowledgement to resolution

• Ability to initiate security event investigations

• Ability to comprehend and articulate business impact associated with security events

• Interacting with vendors to support proof of concepts

• Proficient in Microsoft Office products: Excel, Word, Outlook and etc.

• Exposure, experience and/or knowledge of cloud technology

• Familiar with NIST 800-61 and SANS Critical Security Controls

• Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies

Desired certifications:

• GIAC Security Essentials (GCIH)

• GIAC Certified Intrusion Analyst (GCIA)

• Security

• Other certifications within IT Security

Characteristics of an Southern Company Cyber Analyst

• Self-Motivated – Cyber Analysts do not only act when security tools trigger alerts, we are suspicious by nature and can generate security events based on self-initiated task.

• Perseverance - Cyber Analysts identify resources that allow us to move through or around barriers as we analyze cyber security events.

• Dependable – Cyber Analysts work within a team environment and thus, we rely on one another for knowledge-sharing and dependence.

• Integrity - As Cyber Analysts, our reputation is our code of ethics. We are not perfect. We admit our mistakes. We do the right thing.

• Sense of Humor – Although this may vary, just have one; I promise we can work with it. We have a lot of fun in what we do, so you will need a sense of humor to keep up.

#LI

Job Field: Information Technology

Job Type: Standard

Primary Location: Georgia-Metro Atlanta-Atlanta

Operating Company: Southern Company Services

Job Type: Standard

Travel (Up to...): Yes, 25 % of the Time

Work Location(s):

Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)

241 Ralph McGill Blvd. NE

Atlanta, 30308

Req ID: SCS2009093